ISC is excited to announce the release of BIND 9.9.4, featuring Response Rate Limiting (RRL), security patches, and bug fixes for DNSSEC, RPZ and configuration modules. The latest dot release ensures the stability, robustness and security of your critical Internet infrastructure. Response Rate Limiting (RRL) A DNS DDoS attack works by forging queries that look like they came from the

You may have heard recently that Response Rate Limiting (RRL) has re-opened the door on cache poisoning attacks (see CVE-2013-5661). ISC acknowledges that RRL can increase the effectiveness of cache poisoning attacks and appreciates the detailed research that uncovered it. This is, however, only one piece in the larger context of competing security concerns, and each operator will need to

Internet Systems Consortium (ISC) announces that the RRL module, currently the most effective defense against the use of DNS in Distributed Denial of Service attacks, is now part of the upcoming BIND release. A DNS DDoS attack works by forging queries that look like they came from the victim’s server, making it appear to be requesting a high volume of

Internet Systems Consortium (ISC) announces that it has sold its security-related assets to Farsight Security, Inc., (“Farsight”) a new company started by ISC founder, Paul Vixie. The DNSDB and SIE services developed by ISC over the past five years will now be provided by Farsight. “Paul Vixie has been the driving force in Internet security innovation at ISC for many

Last night, TechCrunch reported that LinkedIn and Fidelity.com faced an outage due to a DNS error. ISC staff and colleagues observed that the error was caused due to the changing of nameserver information at the registry; leading to DNS queries to be directed to nameservers that did not correctly answer those queries. Suzanne Woolf, ISC’s Director of Strategic Partnerships, points

Unexpected DNSSEC validation failures ISC was recently involved in the troubleshooting and diagnosis of a DNSSEC-validation interoperability issue between BIND 9 and PowerDNS, where BIND is acting as a recursive server, and PowerDNS is authoritative. The end result was that BIND marked the PowerDNS server as not supporting EDNS0. Since DNSSEC requires EDNS0 support, the PowerDNS server was no longer considered capable of

Beijing, China – 9 April 2013. Internet Systems Consortium (ISC) announces the creation of its first commercial subsidiary, DNSco. ￼DNSco combines a business view and full-service solution with ISC’s world-renowned technical excellence. For over 15 years ISC has been the world’s leading expert in DNS and related technologies such as DHCP. ISC employees are versed in every aspect of these

It has been a very eventful week in the field of DNS operations. In addition to the BIND vulnerability disclosed by ISC this week, the DNS world has been buzzing with news about “the biggest Distributed Denial of Service attack to date”, directed against Spamhaus by parties critical of their decision to list Cyberbunker as a spam source. As an

ORLANDO, FL–(Marketwire – Mar 12, 2013) – Internet Systems Consortium (ISC) is delighted to announce the launch of the Open Home Gateway Forum with an initial grant from Comcast. The OHGF is a Forum of ISPs and vendors and Internet development organizations, initiated and spearheaded by ISC, that aims to improve the rollout of new Internet technologies to home networks

If you’re like the majority of our training participants, your career in DNS* started in a similar fashion. Your knowledge of the protocol, the resilience of your DNS infrastructure, whether or not you like to use valid shortcuts in config files and so on are often very dependent upon which team you found yourself in when you first landed in